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Abstract: 

Mobile nodes in military environments such as a battlefield or a hostile region are likely to suffer from 
intermittent network connectivity and frequent partitions. Disruption-tolerant network (DTN) 
technologies are becoming successful solutions that allow wireless devices carried by soldiers to 
communicate with each other and access the confidential information or command reliably by exploiting 
external storage nodes. Some of the most challenging issues in this scenario are the enforcement of 
authorization policies and the policies update for secure data retrieval. Cipher text -policy attribute-based 
encryption (CP-ABE) is a promising cryptographic solution to the access control issues. However, the 
problem of applying CP-ABE in decentralized DTNs introduces several security and privacy challenges 
with regard to the attribute revocation, key escrow, and coordination of attributes issued from different 
authorities. In this paper, we propose a secure data retrieval scheme using CP-ABE for decentralized 
DTNs where multiple key authorities manage their attributes independently. We demonstrate how to 
apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the 
disruption-tolerant military network. 

Index Terms — Access control; attribute-based encryption (ABE); disruption-tolerant network (DTN); 
multiauthority; secure data retrieval 


INTRODUCTION 

In many military network scenarios, 
connections of wireless devices carried by 
soldiers may be temporarily disconnected by 
jamming, environmental factors, and mobility, 
especially when they operate in hostile 
environments. Disruption-tolerant network (DTN) 
technologies are becoming successful solutions 
that allow nodes to communicate with each other 
in these extreme networking environments. 
Typically, when there is no end-to-end connection 
between a source and a destination pair, the 
messages from the source node may need to wait 
in the intermediate nodes for a substantial amount 
of time until the connection would be eventually 


established. Roy and Chuah introduced storage 
nodes in DTNs where data is stored or replicated 
such that only authorized mobile nodes can access 
the necessary information quickly and efficiently. 
Many military applications require increased 
protection of confidential data including access 
control methods that are cryptographically 
enforced. In many cases, it is desirable to provide 
differentiated access services such that data access 
policies are defined over user attributes or roles, 
which are managed by the key authorities. For 
example, in a disruption-tolerant military network, 
a commander may store confidential information 
at a storage node, which should be accessed by 
members of “Battalion 1” who are participating in 
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“Region 2.” In this case, it is a reasonable 
assumption that multiple key authorities are likely 
to manage their own dynamic attributes for 
soldiers in their deployed regions or echelons, 
which could be frequently changed (e.g., the 
attribute representing current location of moving 
soldiers). We refer to this DTN architecture where 
multiple authorities issue and manage their own 
attribute keys independently as a decentralized 
DTN. Military network scenarios, connections of 
wireless devices carried by soldiers may be 
temporarily disconnected by jamming, 
environmental factors, and mobility, especially 
when they operate in hostile environments. 
Disruption-tolerant network (DTN) technologies 
are becoming successful solutions that allow 
nodes to communicate with each other in these 
extreme networking environments [1]— [3]. 

Typically, when there is no end-to-end connection 
between a source and a destination pair, the 
messages from the source node may need to wait 
in the intermediate nodes for a substantial amount 
of time until the connection would be eventually 
established. Roy [4] and Chuah [5] introduced 
storage nodes in DTNs where data is stored or 
rephcated such that only authorized mobile nodes 
can access the necessary information quickly and 
efficiently. Many military applications require 
increased protection of confidential data including 
access control methods that are cryptographically 
enforced [6], [7]. In many cases, it is desirable to 
provide differentiated access services such that 
data access policies are defined over user 
attributes or roles, which are managed by the key 
authorities. For example, in a disruption-tolerant 
military network, a commander may store a 
confidential information at a storage node, which 
should be accessed by members of “Battalion 1” 
who are participating in “Region 2.” In this case, 
it is a reasonable assumption that multiple key 


authorities are likely to manage their own 
dynamic attributes for soldiers in their deployed 
regions or echelons, which could be frequently 
changed (e.g., the attribute representing current 
location of moving soldiers) [4], [8], [9]. We refer 
to this DTN architecture where multiple 
authorities issue and manage their own attribute 
keys independently as a decentralized DTN [10]. 
The concept of attribute-based encryption (ABE) 
[ 1 1]— [ 14] is a promising approach that fulfills the 
requirements for secure data retrieval in DTNs. 
ABE features a mechanism that enables an access 
control over encrypted data using access pohcies 
and ascribed attributes among private keys and 
cipher texts. Especially, cipher text-policy ABE 
(CP-ABE) provides a scalable way of encrypting 
data such that the encrypt or defines the attribute 
set that the decryptor needs to possess in order to 
decrypt the cipher text [13]. Thus, different users 
are allowed to decrypt different pieces of data per 
the security policy. However, the problem of 
applying the ABE to DTNs introduces several 
security and privacy challenges. Since some users 
may change their associated attributes at some 
point (for example, moving their region), or some 
private keys might be compromised, key 
revocation (or update) for each attribute is 
necessary in order to make systems secure. 
However, this issue is even more difficult, 
especially in ABE systems, since each attribute is 
conceivably shared by multiple users (henceforth, 
we refer to such a collection of users as an 
attribute group). This implies that revocation of 
any attribute or any single user in an attribute 
group would affect the other users in the group. 
For example, if a user joins or leaves an attribute 
group, the associated attribute key should be 
changed and redistributed to all the other 
members in the same group for backward or 
forward secrecy. It may result in bottleneck 
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during rekeying procedure or security degradation 
due to the windows of vulnerability if the 
previous attribute key is not updated immediately. 
Another challenge is the key escrow problem. In 
CP-ABE, the key authority generates private keys 
of users by applying the authority’s master secret 
keys to users’ associated set of attributes. Thus, 
the key authority can decrypt every cipher text 
addressed to specific users by generating their 
attribute keys. If the key authority is compromised 
by adversaries when deployed in the hostile 
environments, this could be a potential threat to 
the data confidentiality or privacy especially when 
the data is highly sensitive. The key escrow is an 
inherent problem even in the multiple-authority 
systems as long as each key authority has the 
whole privilege to generate their own attribute 
keys with their own master secrets. Since such a 
key generation mechanism based on the single 
master secret is the basic method for most of the 
asymmetric encryption systems such as the 
attribute -based or identity-based encryption 
protocols, removing escrow in single or multiple- 
authority CP-ABE is a pivotal open problem. The 
last challenge is the coordination of attributes 
issued from different authorities. When multiple 
authorities manage and issue attributes keys to 
users independently with their own master secrets, 
it is very hard to define fine-grained access 
policies over attributes issued from different 
authorities. For example, suppose that attributes 
“role 1” and “region 1” are managed by the 
authority A, and “role 2” and “region 2” are 
managed by the authority B. Then, it is impossible 
to generate an access policy ((“role 1” OR “role 
2”) AND (“region 1” or “region 2”)) in the 
previous schemes because the OR logic between 
attributes issued from different authorities cannot 
be implemented. This is due to the fact that the 
different authorities generate their own attribute 


keys using their own independent and individual 
master secret keys. Therefore, general access 
policies, such as “-out-of- ” logic, cannot be 
expressed in the previous schemes, which is a 
very practical and commonly required access 
policy logic. 

Attribute-Based Encryption for Fine-Grained 
Access Control of Encrypted Data 

As more sensitive data is shared and stored 
by third-party sites on the Internet, there will be a 
need to encrypt data stored at these sites. One 
drawback of encrypting data, is that it can be 
selectively shared only at a coarse-grained level 
(i.e., giving another party your private key). We 
develop a new cryptosystem for “ne-grained 
sharing of encrypted data that we call Key-Policy 
Attribute-Based Encryption (KP-ABE). In our 
cryptosystem, ciphertexts are labeled with sets of 
attributes and private keys are associated with 
access structures that control which ciphertexts a 
user is able to decrypt. We demonstrate the 
applicability of our construction to sharing of 
audit-log information and broadcast encryption. 
Our construction supports delegation of private 
keys which subsumes Hierarchical Identity-Based 
Encryption (HIBE). 

Decentralizing Attribute-Based Encryption 

We propose a Multi-Authority Attribute- 
Based Encryption (ABE) system. In our system, 
any party can become an authority and there is no 
requirement for any global coordination other 
than the creation of an initial set of common 
reference parameters. A party can simply act as an 
ABE authority by creating a public key and 
issuing private keys to different users that reect 
their attributes. A user can encrypt data in terms 
of any Boolean formula over attributes issued 
from any chosen set of authorities. Finally, our 
system does not require any central authority. In 
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constructing our system, our largest technical 
hurdle is to make it collusion resistant. Prior 
Attribute-Based Encryption systems achieved 
collusion resistance when the ABE system 
authority \tied" together different components 
(representing different attributes) of a user's 
private key by randomizing the key. However, in 
our system each component will come from a 
potentially different authority, where we assume 
no coordination between such authorities. We 
create new techniques to tie key components 
together and prevent collusion attacks between 
users with different global identifiers. We prove 
our system secure using the recent dual system 
encryption methodology where the security proof 
works by first converting the challenge ciphertext 
and private keys to a semi-functional form and 
then arguing security. We follow a recent variant 
of the dual system proof technique due to Lewko 
and Waters and build our system using bilinear 
groups of composite order. We prove security 
under similar static assumptions to the LW paper 
in the random oracle model. 

Identity-based Encryption with Efficient 
Revocation 

Identity-based encryption (IBE) is an 
exciting alternative to public-key encryption, as 
IBE eliminates the need for a Public Key 
Infrastructure (PKI). Any setting, PKI- or 
identity-based, must provide a means to revoke 
users from the system. Efficient revocation is a 
well- studied problem in the traditional PKI 
setting. However in the setting of IBE, there has 
been littlework on studying the revocation 
mechanisms. The most practical solution requires 
the senders to also use time periods when 
encrypting, and all the receivers (regardless of 
whether their keys have been compromised or 
not) to update their private keys regularly by 


contacting the trusted authority. We note that this 
solution does not scale well - as the number of 
users increases, the work on key updates becomes 
a bottleneck. We propose an IBE scheme that 
significantly improves key-update efficiency on 
the side of the trusted party (from linear to 
logarithmic in the number of users), while staying 
efficient for the users. Our scheme builds on the 
ideas of the Fuzzy IBE primitive and binary tree 
data structure, and is provably secured. 

Message Ferry Route Design for Sparse Ad hoc 
Networks with Mobile Nodes 

Message ferrying is a networking paradigm 
where a special node, called a message ferry, 
facilitates the connectivity in a mobile ad hoc 
network where the nodes are sparsely deployed. 
One of the key challenges under this paradigm is 
the design of ferry routes to achieve certain 
properties of end to-end connectivity, such as, 
delay and message loss among the nodes in the ad 
hoc network. This is a difficult problem when the 
nodes in the network move arbitrarily. As we 
cannot be certain of the location of the nodes, we 
cannot design a route where the ferry can con act 
the nodes with certainty. Due to this difficulty, 
prior work has either considered ferry route 
design for ad hoc networks where the nodes are 
stationary, or where the nodes and the ferry move 
pro-actively in order to meet at certain locations. 
Such systems either require long-range radio or 
disrupt nodes' mobility patterns which can be 
dictated by non-communication tasks. We present 
a message ferry route design algorithm that we 
call the Optimized Way-points, or OPWP, that 
generates a ferry route which assures good 
performance without requiring any online 
collaboration between the nodes and the ferry. 
The OPWP ferry route comprises a set of way- 
points and waiting times at these way-points, that 
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are chosen carefully based on the node mobility 
model. Each time that the ferry traverses this 
route, it contacts each mobile node with a certain 
minimum probability. The node-ferry contact 
probability in turn determines the frequency of 
node-ferry contacts and the properties of end-to- 
end delay. We show that OPWP consistently 
outperforms other naive ferry routing approaches. 

Performance Evaluations of Data-Centric 
Information Retrieval Schemes for DTNs 

Mobile nodes in some challenging 
network scenarios, e.g. battlefield and disaster 
recoveryscenarios, suffer from intermittent 
connectivity and frequent partitions. Disruption 
Tolerant Network (DTN) technologies are 
designed to enable communications in such 
environments. Several DTN routing schemes have 
been proposed. However, not much work has been 
done on designing schemes that provide efficient 
information access in such challenging network 
scenarios. In this paper, we explore how a 
content-based information retrieval system can be 
designed for DTNs. There are three important 
design issues, namely (a) how data should be 
rephcated and stored at multiple nodes, (b) how a 
query is disseminated in sparsely connected 
networks, (c) how a query response is routed back 
to the issuing node. We first describe how to 
select nodes for storing the replicated copies of 
data items. We consider the random and the 
intelligent caching schemes. In the random 
caching scheme, nodes that are encountered first 
by a data-generating node are selected to cache 
the extra copies while in the intelligent caching 
scheme, nodes that can potentially meet more 
nodes, e.g. faster nodes, are selected to cache the 
extra data copies. The number of replicated data 
copies K can be the same for all data items or 
varied depending on the access frequencies of the 


data items. In this work, we consider fixed, 
proportional and square-root replication schemes. 
Then, we describe two query dissemination 
schemes: (a) W-copy Selective Query Spraying 
(WSS) scheme, (b) L hop Neighbourhood 
Spraying (LNS) scheme. In the WSS scheme, 
nodes that can move faster are selected to cache 
the queries while in the LNS scheme, nodes that 
are within L-hops of a querying node will cache 
the queries. For message routing, we use an 
enhanced Prophet scheme where a next-hop node 
is selected only if its predicted delivery 
probability to the destination is higher than a 
certain threshold. We conduct extensive 
simulation studies to evaluate different 
combinations of the replication and query 
dissemination algorithms. Our results reveal that 
the scheme that performs the best is the one that 
uses the WSS scheme combined with binary 
spread of replicated data copies. The WSS scheme 
can achieve a higher query success ratio when 
compared to a scheme that does not use any data 
and query replication. Furthermore, the square- 
root and proportional rephcation schemes provide 
higher query success ratio than the fixed copy 
approach with varying node density. In addition, 
the intelligent caching approach can further 
improve the query success ratio by 5.3% to 15.8% 
with varying node density. Our results using 
different mobility models reveal that the query 
success ratio degrades at most 7.3% when the 
community-based model is used compared to the 
Random Waypoint (RWP) model. Compared to 
the RWP and the community-based mobility 
models, the UmassBusNet model from the 
DieselNet project achieves much lower query 
success ratio because of the longer inter-node 
encounter time. 


Available online: http://internationaliournalofresearch.org/ 


P a g e | 100 


International Journal of Research 



International Journal of Research (I JR) 

e-ISSN: 2348-6848, p- ISSN: 2348-795X Volume 2, Issue 11, November 2015 

Available at http://internationaljoumalofresearch.org 



Java Program 


class He'll oWorld% < 

public static void nain(String[] ergs) { 
Systert .out . pri ntl n ("Hello World ! *6 ; 

> 

> 


-►►(Compiler) 


HelloWorlctopp, java 


(interpreter) (interpreter ) (interpreter ) 

V ' ' t ' 

1 DIB 

ffli ES 


Win32 Solaris MacOS 

SYSTEM IMPLEMENTATION 
Sender 


In this module, the Sender is 
responsible for registering the Users by 
providing details Name, Password, 
Confirm Password, Battalion (bl,b2,b3) , 
Region(Rl,R2,R3). Sender Browses the 
data File, encrypts it and gets the key from 
Key Authority Server (KA1, KA2, and 
KA3). Uploads their data files to the 
Storage Node and sender is authenticated 
to provide privileges for End User. 
Disruption Tolerant Network Router 

The Disruption Tolerant Network 
Router (DTN) technologies are becoming 
successful solutions in military 
applications that allow wireless devices to 
communicate with each other and access 
the confidential information reliably by 
exploiting external storage nodes. In this 
module we introduced storage nodes in 
DTNs where data is stored or replicated 
such that only authorized mobile nodes 
can access the necessary information 


quickly and efficiently. In DTN encrypted 
data file and details will be stored Storage 
Node. 

Key Authority 

The key authority (KA1, KA2, and 
KA3) is responsible to generate the secret 
key for the file belongs to the particular 
Battalion and region. The End User 
Request to the storage node using the file 
Name, secret key, Battalion and Region, 
Then storage node connect to the 
respective Key authority server. If all 
specified Details are correct then file will 
sent to the end user, or else he will be 
blocked in a storage node. The Key 
Authority server can view the users, 
privileges, keys. Thus, the key authority 
can decrypt every cipher text addressed to 
specific users by generating their attribute 
keys. 

End User 

In this module, the End user can 
access the file details and end user who will 
request and gets file contents response 
from the DTN Router. If the credential file name 
and secret key is correct then the end user 
will get the file response from the router in 
Decrypted format. 

Threat model 

Threat model is one who is trying 
to access the file which is belongs to other 
user by injecting the fake details to the file 
in the storage node is considered as 
Attacker. The attacker can be Data 
confidentiality or collusion-resistance. 

1) Data confidentiality: Unauthorized 

users who do not have enough 
credentials satisfying the access pohcy 
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should be deterred from accessing the 
plain data in the storage node. In 
addition, unauthorized access from the 
storage node or key authorities should 
be also prevented. 

2) Collusion-resistance: Suppose there 
exist a user with attributes {’’Battalion 
1”, “Region 1”} and another user with 
attributes {’’Battalion 2”, “Region 2”}. 
They may succeed in decrypting a 
cipher text encrypted under the access 
policy of (“Battalion 1” AND “Region 
2”), even if each of them cannot 
decrypt it individually. We do not 
want these colluders to be able to 
decrypt the secret information by 
combining their attributes. We also 
consider collusion attack among 
curious local authorities to derive 
users keys. 

MODULES: 

1 . Key Authorities 

2. Storage Nodes 

3. Sender 

4. User 

MODULES DESCRIPTION! 

Key Authorities: 

They are key generation centers that 
generate public/secret parameters for CP-ABE. 
The key authorities consist of a central authority 
and multiple local authorities. We assume that 
there are secure and reliable communication 
channels between a central authority and each 
local authority during the initial key setup and 
generation phase. Each local authority manages 
different attributes and issues corresponding 
attribute keys to users. They grant differential 
access rights to individual users based on the 
users’ attributes. The key authorities are assumed 
to be honest-but-curious. That is, they will 


honestly execute the assigned tasks in the system; 
however they would l ik e to learn information of 
encrypted contents as much as possible. 

Storage node: 

This is an entity that stores data from 
senders and provide corresponding access to 
users. It may be mobile or static. Similar to the 
previous schemes, we also assume the storage 
node to be semi-trusted that is honest-but-curious. 
Sender: 

This is an entity who owns confidential 
messages or data (e.g., a commander) and wishes 
to store them into the external data storage node 
for ease of sharing or for reliable delivery to users 
in the extreme networking environments. A 
sender is responsible for defining (attribute based) 
access policy and enforcing it on its own data by 
encrypting the data under the policy before storing 
it to the storage node. 

User: 

This is a mobile node who wants to access 
the data stored at the storage node (e.g., a soldier). 
If a user possesses a set of attributes satisfying the 
access policy of the encrypted data defined by the 
sender, and is not revoked in any of the attributes, 
then he will be able to decrypt the ciphertext and 
obtain the data. 

Functional Requirements 

Functional Requirement defines a function 
of a software system and how the system must 
behave when presented with specific inputs or 
conditions. These may include calculations, data 
manipulation and processing and other specific 
functionality. In this system following are the 
functional requirements:- 

• The Service provider /Sender are 
responsible for registering the Users by 
providing their details, including Battalion 
and Region. 
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• The DTN Router stores the encrypted data 
file and their details in the Storage Node. 

• The End User Request to the storage node 
using their credentials like file Name, 
secret key, Battalion and Region. 

• Then storage node connects to the 
respective Key authority server. If all 
credentials are correct then user is 
authorized to receive the file. 

• If the user gives wrong credentials file 
name, secret key, Battalion, Region, then 
the end user will considered as non- 
authorized user. 

• The Attributes are File Management, 
Attackers, Access control, attribute-based 
encryption (ABE), disruption-tolerant 
network (DTN), multiauthority, secure 
data retrieval. 

Non - Functional Requirements 

Non - Functional requirements, as the 
name suggests, are those requirements that are not 
directly concerned with the specific functions 
delivered by the system. They may relate to 
emergent system properties such as reliability 
response time and store occupancy. Alternatively, 
they may define constraints on the system such as 
the capability of the Input Output devices and the 
data representations used in system interfaces. 
Many non-functional requirements relate to the 
system as whole rather than to individual system 
features. This means they are often critical than 
the individual functional requirements. The 
following non-functional requirements are worthy 
of attention. 

The key non-functional requirements are: 

> Security: The system should allow a 
secured communication between Sender 
and 

Router and Receiver. 


> Energy Efficiency: The Time consumed 
by the Router to transfer the File’s Packets 
from the Receiver. 

Reliability: The system should be reliable 
and must not degrade the performance of the 
existing system and should not lead to the 

hanging of the system. 

SOFTWARE REQUIREMENT 

SPECIFICATION 

This Chapter describes about the 
requirements. It specifies the hardware and 
software requirements that are required in order to 
run the application properly. The Software 
Requirement Specification (SRS) is explained in 
detail, which includes overview of this 
dissertation as well as the functional and non- 
functional requirement of this dissertation. 


SRS for Secure Data Retrieval for 
Decentralized Disruption-Tolerant Military 
Networks 


Functional 

Control the Congestion in DTN Router; Key generation, Authenticate the 
users, muitiauthoritv in kev authority server for kev generation. Providine the 
access control for each and every file by generating the keys, Protects the Files 
in disttuption-tolerant network, secure data retrieval, Finding the malicious 
user. 

Non- Functional 

The Sender and Receiver never Find the Router performance. 

External Interface 

LAN , Routers, WAN 

Performance 

Finding File Attackers Information, Access control of files in network, View 
the Privileges, Viewing the keys, View the Registered user, authentication of a 
user, Encrypt the contents, attribute based encryption, End User Can view files 
available. 

Attributes 

File Management, Attackers, Access control, attribute-based encryption 
(ABE), disruption-tolerant network (DTN). muitiauthoritv and secure data 
retrieval. 


t ii r ’ rrnr 

Table: Summaries of SRS 
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CONCLUSION: 

DTN technologies are becoming 
successful solutions in militaryapplications that 
allow wireless devices to communicatewith each 
other and access the confidential information 
reliablyby exploiting external storage nodes. CP- 
ABE is a scalablecryptographic solution to the 
access control and secure data retrievalissues. In 
this paper, we proposed an efficient and 
securedata retrieval method using CP-ABE for 
decentralized DTNs where multiple key authorities 
manage their attributes independently. The 
inherent key escrow problem is resolved such 
thatthe confidentiality of the stored data is 
guaranteed even underthe hostile environment 
where key authorities might be compromisedor 
not fully trusted. In addition, the fine-grained 
keyrevocation can be done for each attribute 
group. We demonstratehow to apply the proposed 
mechanism to securely andefficiently manage the 
confidential data distributed in the disruption- 
tolerant military network. 
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